The importance of behaviour analytics as GDPR approaches

In this piece, Dr Jamie Graves of ZoneFox looks at how UEBA technology, which focuses on threats from inside your network, can help with breach identification and the breach notification period that needs to be met for businesses to be GDPR-compliant.

As we move into being less than a month away from the EU General Data Protection Regulations (GDPR) coming into play on May 25th, it’s imperative that organisations begin to prepare for the added responsibilities the regulation brings.

Despite GDPR being a force for good, improving and protecting the way in which your organisation stores and protects data, there are still comprehensive improvements that will need to be actively addressed around breach responsiveness and compliance with the new rules.

Understanding and tackling your duties

The first point to make sure you are confident in is understanding your exact duties as a data controller. As the person in charge of protecting users’ data, you need to ensure that you can detect breaches as quickly as possible and accurately assess the potential damage that has been caused. If your breach response shows consumers may have been affected, then they need to be told. And if it transpires that information has been taken in the breach that could present harm to your consumers, then you must also report this to the relevant data protection authority – in 72 hours or less.

The Breach Team

It’s also vital to remember that complying with a specific regulation is good, but it shouldn’t be your end goal. Working on your breach responsibility capability is also the right thing to do as a business.

That said, you need to ensure that the team you assemble is a little like the Avengers – diverse, with specialities in many different areas and able to work alongside one another. You need legal counsel (quite often fulfilled by the law-savvy Data Protection Officer), risk management personnel, public relations in the mix and a representative from the finance team. Finally, any self-respecting breach response team will also need to include somebody from the IT team.

Using user behaviour analysis tech to turbocharge breach response

Once you’ve got a good handle on your responsibilities and have assembled your team, then you need to focus on getting insights in real-time. This includes insight into the type of data involved in the event, the number of customers affected and how many of their records have been accessed – and that’s all before the data controller looks into consequences and actions to mitigate the event.

The speed and accuracy of these insights can be greatly improved through the use of user behaviour analytics (UBA) and machine learning technologies. These can spot threatening activity in near real-time and can also pinpoint where exactly the issue has taken place. This has the knock-on effect of both identifying what data and what customers have been affected – seriously quickly.

Breach response is more than just an IT issue though, so again, UBA is useful as it can differentiate between attacks that mean consumers must be notified and attacks that need to involve the DPA due to its severity.

Finally, the information gleaned from UBA can form the basis of any communications and mitigation planning, informing the entirety of your breach response team, making it an indispensable tool.

Jamie is a data security and enterprise software entrepreneur and is the CEO at ZoneFox. He attended the prestigious Ignite course at Cambridge University’s Judge Business School, and the Entrepreneur Development Programme at MIT.

Jamie has a PhD in Computer Science, extensive security and digital forensics experience and was recently recognised as the ‘Champion of Champions’ at the inaugural Scottish Cyber Security awards for his contribution to the industry.

ZoneFox protects business-critical assets; data and IP and has a proven track record protecting reputation, sales revenue, and competitive advantage for its growing client base.